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Amendments to the Claims: 

Please cancel claims 22, 39, 47, and 50 without prejudice of disclaimer. This listing of 
claims will replace all prior versions, and listings of claims in the application: 

Listing of Claims: 

1-14. (Canceled) 

1 5 . (Currently Amended) A method for identifying members of a group, 
comprising the steps of: 

determining dynamic members of a first group based on a rule that defines 
dynamic membership for said first group, wherein said rule is stored in a dynamic rule attribute 
of an identity profile of said first group; 

storing an identification of each of said dynamic members of said first group; 

determining nested members of said first group; 

storing an identification of each of said nested members of said first group; 

receiving a request to report members of said first group, said request is received 
subsequent to said step of storing; and 

reporting said dynamic members and said nested members of said first group in 
response to said request, said reporting of said dynamic members is performed based on said 
stored identification of said dynamic members and said reporting of said nested members is 
performed based on said stored identification of said nested members . 

16. (Previously Presented) A method according to claim 15, wherein: 
said first group includes one or more static members; 

an identification of each of said static members is stored in a static member 
attribute for said identity profile of said first group; and 
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said identification of each of said dynamic members is stored in said static 
member attribute for said identity profile of said first group. 

17. (Previously Presented) A method according to claim 15, wherein: 
said first group includes one or more static members; 

an identification of each of said static members is stored in a static member 

attribute for said identity profile of said first group; 

said identity profile of said first group also includes an expansion attribute; and 
said method can only be performed if said expansion attribute includes an 

appropriate value. 

18. (Previously Presented) A method according to claim 17, wherein: 

said method can only be performed for an entity having access to said expansion 
attribute and said dynamic rule attribute. 

19. (Original) A method according to claim 15, wherein: 
said steps of determining and storing are automatically repeated. 

20. (Original) A method according to claim 15, wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system. 

21. (Original) A method according to claim 20, wherein: 

said integrated identity and access system is capable of performing authorization 
services based on membership in said first group. 

22. (Canceled) 

23. (Currently Amended) A method according to claim 22 15, wherein: 
said nested members include members of multiple levels of nested groups. 
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24. (Currently Amended) A method according to claim 22 15, wherein: 
said step of determining nested members includes recursively determining 

members of group members. 

25. (Currently Amended) A method according; to claim 22 15, wherein: 
said first group includes one or more static members; and 

said step of reporting includes reporting said static members. 

26. (Currently Amended) A method according to claim 22 15, wherein said 
step of determining nested members includes the steps of: 

determining all static group members of said first group; 

determining all static and dynamic members of said static group members of said 

first group; 

determining all static group members of said static group members of said first 

group; and 

determining all members of said static group members of said static group 
members of said first group. 

27. (Currently Amended) A method according to claim 22 15 wherein: 

said first group and nested groups of said first group include rules defining criteria 
for being dynamic members; and 

said step of determining dynamic members includes the steps of determining a 
normalized set of said rules and determining which users are defined by said normalized set of 
said rules, said users defined by said normalized set of said rules are said dynamic members of 
said first group. 

28. (Original) A method according to claim 15, wherein: 
said first group includes one or more static members; and 
said step of reporting includes reporting said static members. 
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29-34. (Canceled) 

35. (Currently Amended) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method 
comprising the steps of: 

determining dynamic members of a first group based on a rule that defines 
dynamic membership for said first group, wherein said rule is stored in a dynamic rule attribute 
of an identity profile of said first group; 

storing an identification of each of said dynamic members of said first group; 

determining nested members of said first group, said nested members include 
members of multiple levels of nested groups; 

storing an identification of each of said nested members of said first group; 

receiving a request to report members of said first group, said request is received 
subsequent to said step of storing; and 

reporting said dynamic members and said nested members of said first group in 
response to said request, said reporting of said dynamic members is performed based on said 
stored identification of said dynamic members and said reporting of said nested members is 
performed based on said stored identification of said nested members . 

36. (Original) One or more processor readable storage devices according to 
claim 35, wherein: 

said first group includes one or more static members; and 
said step of reporting includes reporting said static members. 

37. (Original) One or more processor readable storage devices according to 
claim 36, wherein: 

said steps of determining and storing are automatically repeated. 
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38. (Original) One or more processor readable storage devices according to 
claim 36, wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system. 

39-43. (Canceled) 

44. (Currently Amended) An apparatus that can determine members of a 
group, comprising: 

a communication interface; and 

one or more processors in communication with said communication interface, 
said one or more processors perform a method comprising the steps of: 

determining dynamic members of a first group based on a rule that defines 
dynamic membership for said first group, wherein said rule is stored in a dynamic rule attribute 
of an identity profile of said first group and said first group includes one or more static members, 
storing an identification of each of said dynamic members of said first 

group, 

determining nested members of said first group, said nested members 
include members of multiple levels of nested groups: 

storing an identification of each of said nested members of said first 

group: 

receiving a request to report members of said first group, said request is 
received subsequent to said step of storing, and 

reporting said static members^ and-said dynamic members , and said nested 
members of said first group in response to said request, said reporting of said dynamic members 
is performed based on said stored identification of said dynamic members and said reporting of 
said nested members is performed based on said stored identification of said nested members . 

45. (Original) An apparatus according to claim 44, wherein: 
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said steps of determining and storing are automatically repeated. 

46. (Original) An apparatus according to claim 44, wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system. 

47. (Canceled) 

48. (Currently Amended) An integrated identity and access system 

comprising: 

an identity system adapted to determine dynamic members of a first group based 
on a rule that defines dynamic membership for said first group, wherein said rule is stored in a 
dynamic rule attribute of an identity profile of said first group, store an identification of each of 
said dynamic members of said first group, determine nested members of said first group, store an 
identification of each of said nested members of said first group, receive a request to report 
members of said first group, said request is received subsequent to said step of storing, and report 
said dynamic members and said nested members of said first group in response to said request, 
said reporting of said dynamic members is performed based on said stored identification of said 
dynamic members and said reporting; of said nested members is performed based on said stored 
identification of said nested members ; and 

an access system adapted to perform authentication services based on membership 
in said first group. 

49. (Previously Presented) The integrated identity and access system of claim 

48, wherein: 

said first group includes one or more static members; 
an identification of each of said static members is stored in a static member 
attribute for said identity profile of said first group; and 



OID-2005-162-03 



Page 7 of 10 



Appl. No. 09/998,926 

Amdt. dated: December 5, 2006 

Reply to Office Action of September 11, 2006 



PATENT 



said identification of each of said dynamic members is stored in said static 
member attribute for said identity profile of said first group. 

50. (Canceled) 

5 1 . (Currently Amended) The integrated identity and access system of claim 
§q 48, wherein the identity system is adapted to determine nested members byi 

determining all static group members of said first group; 

determining all static and dynamic members of said static group members of said 

first group; 

determining all static group members of said static group members of said first 

group; and 

determining all members of said static group members of said static group 
members of said first group. 

52. (Currently Amended) The integrated identity and access system of claim 
48, wherein said first group and nested groups of said first group include rules defining 

criteria for being dynamic members and the identity system is adapted to determine dynamic 
members by determining a normalized set of said rules and determining which users are defined 
by said normalized set of said rules, said users defined by said normalized set of said rules are 
said dynamic members of said first group. 
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